Security Basics mailing list archives

Re: Malware and DoS analysis

From: gmx <pal_adam () gmx net>
Date: Thu, 20 Jul 2006 23:09:05 +0200

Hello bitshield,

As far as i know, it doesnt make sense to test/analyze DOS
vulnerability, here are some reasons:

-hard to simulate a test, needs a lot of ressources
-dos mosltly ends in system failure, which can stop the production and
be pretty expensive
-no efficient measurements IF you found out that the company can be
dos`ed , the less which exist and are working (i think riverhead
technologies) are very expensive to be implemented
-mostly dos is not that intresting for intrusion

thats my point of view...

best regards

Adam Pal




Wednesday, July 19, 2006, 8:04:35 AM, you wrote:

<==============Original message text===============
bgc> Hello


bgc> Im trying to analyse a companys vulnerability to malware
bgc> (Viruses, Trojans, Backdoors, etc)  and DoS. Im however a little
bgc> bit stuck in finding an approach to do that. Im trying to
bgc> collect properties that make a corporate environment vulnerable
bgc> to certain kinds of malware and DoS attacks.


bgc> Some of the points I want to have a closer look are:

bgc> -  Internet Access architecture

bgc> - Intranet and DMZ architecture

bgc> - General Network defences

bgc> - Anti-Virus deployment

bgc> - Deployed Operating Systems and their patch level

bgc> - Employees awareness regarding malware

bgc> - Proper defence-in-depth concept


bgc> Do you guys have any other ideas? What can be considered to analyze DoS susceptibility?


bgc> Thanks for your feedbacks

bgc> Joe


bgc> ---------------------------------------------------------------------------
bgc> This list is sponsored by: Norwich University

bgc> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
bgc> The NSA has designated Norwich University a center of Academic Excellence
bgc> in Information Security. Our program offers unparalleled Infosec management
bgc> education and the case study affords you unmatched consulting experience.
bgc> Using interactive e-Learning technology, you can earn this esteemed degree,
bgc> without disrupting your career or home life.

bgc> http://www.msia.norwich.edu/secfocus
bgc> ---------------------------------------------------------------------------

<===========End of original message text===========




---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Malware and DoS analysis bitshield (Jul 19)
- RE: Malware and DoS analysis David Gillett (Jul 21)
- Re: Malware and DoS analysis gmx (Jul 21)
- Message not available
  - Re: RE: Malware and DoS analysis Joe (Jul 24)
- <Possible follow-ups>
- Re: Malware and DoS analysis SecurityFocus (Jul 21)
- Re: Malware and DoS analysis jacco (Jul 21)